CVE-2025-31333: Odata meta-data tampering in SAP S4CORE entity
First published: Tue Apr 08 2025(Updated: )
SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP S/4HANA |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-31333?
CVE-2025-31333 has a low severity rating as it primarily affects the integrity of the application.
How do I fix CVE-2025-31333?
To mitigate CVE-2025-31333, ensure that proper validation and access controls are implemented for OData metadata properties.
What impact does CVE-2025-31333 have on data integrity?
CVE-2025-31333 allows attackers to tamper with entity sets, which can compromise the integrity of application data.
Is CVE-2025-31333 related to confidentiality issues?
CVE-2025-31333 does not impact confidentiality, as it focuses primarily on data integrity.
What applications are affected by CVE-2025-31333?
CVE-2025-31333 affects the SAP S4CORE component of the SAP S/4HANA software.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/sap
- canonical/sap s/4hana